Government-operated spyware on the rise around the world – report

More and more regimes across the world are using Western-made ‘lawful intercept’ software to spy on their own citizens, a brand new report has revealed.

Citizen Lab, a digital research unit at the University of
Toronto, says that servers running notorious FinFisher software
have been found in eleven new countries over the past year,
bringing the total number of states where servers have been
detected to 36.

FinFisher is an "IT intrusion and remote monitoring
solution" that is "solely offered to law enforcement and
intelligence agencies", according to its makers Gamma
International. Behind the euphemisms is a toolkit of malware which
can infect a user’s computer or phone and then track his movements,
record his conversations, and steal his confidential documents and
passwords.

It is produced by Gamma International, an Anglo-German company
registered in the British Virgin Islands. It first rose to
prominence two years ago when documents published on whistleblower
website Wikileaks revealed that the Egyprian security services
during the regime of Hosni Mubarak paid over $350,000 to use the
software.

Citizen Lab says ‘permissive’ standards are used by Gamma
International and other publicity-shy companies in the largely
unregulated spyware market. They also argue that the term ‘lawful
intercept’ – which allows the companies to sell hacking software
without being arrested – is just a fig leaf.

“There is nothing inherently lawful about the capabilities of
these tools. They are simply trojans sold to states, not
individuals,” declares the report.

Citizen Lab says the location of the servers does not
necessarily mean they are being operated by governments in those
countries, but they also point out that the true number of clients
may be much higher than the scan has revealed, as Gamma
International constantly tries to conceal the signature of its
servers.

In any case, recent examples of Finfisher being used
unethically, and possibly illegally are plentiful.

In Morocco Mamfakinch, a website critical of the government, was
infiltrated through software posing as popular browser Mozilla
Firefox.

Somewhat ironically, anti-government activists in Bahrain were
targeted with a fake email attachment that alleged to shed the
latest information on state-sanctioned torture.

In Malaysia, politically active internet users were monitored
after they clicked on a list of candidates in the upcoming
presidential election.

“The 20th century is rife with politically motivated abuse of
electronic surveillance that runs contrary to legal and
constitutional protections. There is no reason to suspect that
remote intrusion and surveillance software
isn’t subject to the same temptations,” say the reports
authors.

Instead, of lofty words, the Mozilla Foundation, which produces
Firefox, has sent a cease-and-desist order to Gamma International.
On its blog it said the company "uses our brand and trademarks
to lie and mislead as one of its methods for avoiding detection and
deletion" while its software is "used by Gamma’s customers
to violate citizens’ human rights and online privacy”.

But Citizen Lab has called not for piecemeal defensive legal
moves, but a new level of supervision for the shadowy commercial
surveillance industry, estimated to be worth $5 billion. It hopes
its attempt at a comprehensive study, reveals the scale of the
problem.

“The proliferation of increasingly powerful commercial
surveillance tools has serious implications not just for dissidents
and activists, but for all of us, no matter our citizenship,”
the report summarizes.